Windows 11 To Block Brute Force Ransomware Attacks by Default
Microsoft recently rolled out a new security policy for Windows 11 that aims to curb the growing ransomware threat by blocking some brute-force attacks.
Current Windows 11 testing builds (Insider Preview 22528.1000 and newer) will now block ransomware-connected attacks as they happen by default. The announcement was made in a tweet by David Weston, Vice President, OS Security and Enterprise at Microsoft.
"Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors," tweeted Weston. "This technique is very commonly used in Human Operated Ransomware and other attacks -- this control will make brute forcing much harder which is awesome!"
A further tweet by Weston confirmed that the policy change will also be coming to Windows 10 and Windows Server in the near future.
Microsoft is taking this step not only to limit the growth of human-operated ransomware, but also to mitigate some of the financial damage, which is likewise on the rise. According to the "2022 Unit 42 Ransomware Report" by security firm Palo Alto Networks, ransom demands increased in value by 144 percent year over year, to an average of $2.2 million per ransom demand.
"As these ransomware gangs and RaaS operators find new ways to remove technical barriers and up the ante, ransomware will continue to challenge organizations of all sizes in 2022," read the report.
The recent policy change in the test builds is just one way in which Microsoft is taking a proactive approach to the growing ransomware threat. Microsoft also recently updated Microsoft Defender for Endpoint to intercept and identify ransomware and other advanced attacks. Outside of the one-line announcement, the company did not share any further details on the new changes to its security software.